Filtering by Access
Personas in this Story: Default, Member, Client.
Lets start with user visibility. We have three users in the system: owner, member and a client. Owner can see all users that are in the system, while members and clients can only see users that they worked with before:
Similar rule applies to companies - owner sees all companies, but member sees only companies that he worked with before:
Lets create a couple of projects:
Response: HTTP 200, application/json (Hide)
POST /projects
Payload:
1 2 3 4 5 6 7 8
{
"name": "Cadabra",
"leader_id": 1,
"members": [
2,
3
]
}Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
{
"single": {
"id": 1,
"class": "Project",
"url_path": "\/projects\/1",
"name": "Cadabra",
"completed_on": null,
"completed_by_id": null,
"is_completed": false,
"members": [
1,
2,
3
],
"category_id": 0,
"label_id": 0,
"is_trashed": false,
"trashed_on": null,
"trashed_by_id": 0,
"created_on": 1430164974,
"created_by_id": 1,
"updated_on": 1430164974,
"updated_by_id": 1,
"body": null,
"body_formatted": "",
"company_id": 1,
"leader_id": 1,
"currency_id": 2,
"template_id": 0,
"based_on_type": null,
"based_on_id": null,
"email": "notifications+m2p-gkvuy5i@mail.manageprojects.com",
"is_tracking_enabled": true,
"is_client_reporting_enabled": false,
"budget": null,
"count_tasks": 0,
"count_discussions": 0,
"count_files": 0,
"count_notes": 0
},
"category": null,
"hourly_rates": {
"1": 100
},
"label_ids": [],
"task_lists": null
}Response: HTTP 200, application/json (Hide)
POST /projects
Payload:
1 2 3 4
{
"name": "Relentless.com",
"leader_id": 1
}Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
{
"single": {
"id": 2,
"class": "Project",
"url_path": "\/projects\/2",
"name": "Relentless.com",
"completed_on": null,
"completed_by_id": null,
"is_completed": false,
"members": [
1
],
"category_id": 0,
"label_id": 0,
"is_trashed": false,
"trashed_on": null,
"trashed_by_id": 0,
"created_on": 1430164974,
"created_by_id": 1,
"updated_on": 1430164974,
"updated_by_id": 1,
"body": null,
"body_formatted": "",
"company_id": 1,
"leader_id": 1,
"currency_id": 2,
"template_id": 0,
"based_on_type": null,
"based_on_id": null,
"email": "notifications+m2p-qryWJTb@mail.manageprojects.com",
"is_tracking_enabled": true,
"is_client_reporting_enabled": false,
"budget": null,
"count_tasks": 0,
"count_discussions": 0,
"count_files": 0,
"count_notes": 0
},
"category": null,
"hourly_rates": {
"1": 100
},
"label_ids": [],
"task_lists": null
}Now everyone work on the same project, so they can see one another (including companies that they work for):
They can also see the project that they are involved with:
but not the project that they are not members of:
Owner can see both projects:
Lets create a couple of tasks:
Response: HTTP 200, application/json (Hide)
POST /projects/1/tasks
Payload:
1 2 3 4
{
"name": "Visible to all project members",
"body": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak"
}Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
{
"single": {
"id": 1,
"class": "Task",
"url_path": "\/projects\/1\/tasks\/1",
"name": "Visible to all project members",
"assignee_id": 0,
"delegated_by_id": 0,
"completed_on": null,
"completed_by_id": null,
"is_completed": false,
"comments_count": 0,
"attachments": [],
"labels": [],
"is_trashed": false,
"trashed_on": null,
"trashed_by_id": 0,
"project_id": 1,
"is_hidden_from_clients": false,
"body": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"body_formatted": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"created_on": 1430164975,
"created_by_id": 1,
"updated_on": 1430164975,
"updated_by_id": 1,
"task_number": 1,
"task_list_id": 0,
"position": 1,
"is_important": false,
"due_on": null,
"estimate": 0,
"job_type_id": 0,
"total_subtasks": 0,
"completed_subtasks": 0,
"open_subtasks": 0
},
"subscribers": [
1
],
"comments": [],
"reminders": [],
"subtasks": [],
"task_list": null,
"tracked_time": 0,
"tracked_expenses": 0
}Response: HTTP 200, application/json (Hide)
POST /projects/1/tasks
Payload:
1 2 3 4 5
{
"name": "Hidden from client",
"body": "Rare term: Durmitor, Common Term: Zabljak. Boost: Zabljak, Nebitno, Nebitno",
"is_hidden_from_clients": true
}Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
{
"single": {
"id": 2,
"class": "Task",
"url_path": "\/projects\/1\/tasks\/2",
"name": "Hidden from client",
"assignee_id": 0,
"delegated_by_id": 0,
"completed_on": null,
"completed_by_id": null,
"is_completed": false,
"comments_count": 0,
"attachments": [],
"labels": [],
"is_trashed": false,
"trashed_on": null,
"trashed_by_id": 0,
"project_id": 1,
"is_hidden_from_clients": true,
"body": "Rare term: Durmitor, Common Term: Zabljak. Boost: Zabljak, Nebitno, Nebitno",
"body_formatted": "Rare term: Durmitor, Common Term: Zabljak. Boost: Zabljak, Nebitno, Nebitno",
"created_on": 1430164976,
"created_by_id": 1,
"updated_on": 1430164976,
"updated_by_id": 1,
"task_number": 2,
"task_list_id": 0,
"position": 2,
"is_important": false,
"due_on": null,
"estimate": 0,
"job_type_id": 0,
"total_subtasks": 0,
"completed_subtasks": 0,
"open_subtasks": 0
},
"subscribers": [
1
],
"comments": [],
"reminders": [],
"subtasks": [],
"task_list": null,
"tracked_time": 0,
"tracked_expenses": 0
}Response: HTTP 200, application/json (Hide)
POST /projects/1/discussions
Payload:
1 2 3 4
{
"name": "Visible to all project members",
"body": "Rare term: Brzece, Common Term: Zabljak; Boost: Zabljak, Zabljak, Nebitno"
}Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
{
"single": {
"id": 1,
"class": "Discussion",
"url_path": "\/projects\/1\/discussions\/1",
"name": "Visible to all project members",
"comments_count": 0,
"attachments": [],
"is_trashed": false,
"trashed_on": null,
"trashed_by_id": 0,
"project_id": 1,
"is_hidden_from_clients": false,
"body": "Rare term: Brzece, Common Term: Zabljak; Boost: Zabljak, Zabljak, Nebitno",
"body_formatted": "Rare term: Brzece, Common Term: Zabljak; Boost: Zabljak, Zabljak, Nebitno",
"created_on": 1430164976,
"created_by_id": 1,
"updated_on": 1430164976,
"updated_by_id": 1
},
"subscribers": [
1
],
"comments": []
}Response: HTTP 200, application/json (Hide)
POST /projects/1/discussions
Payload:
1 2 3 4 5
{
"name": "Hidden from client",
"body": "Rare term: Kopanik, Common Term: Zabljak; Boost: Nebitno, Nebitno, Nebitno",
"is_hidden_from_clients": true
}Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
{
"single": {
"id": 2,
"class": "Discussion",
"url_path": "\/projects\/1\/discussions\/2",
"name": "Hidden from client",
"comments_count": 0,
"attachments": [],
"is_trashed": false,
"trashed_on": null,
"trashed_by_id": 0,
"project_id": 1,
"is_hidden_from_clients": true,
"body": "Rare term: Kopanik, Common Term: Zabljak; Boost: Nebitno, Nebitno, Nebitno",
"body_formatted": "Rare term: Kopanik, Common Term: Zabljak; Boost: Nebitno, Nebitno, Nebitno",
"created_on": 1430164976,
"created_by_id": 1,
"updated_on": 1430164976,
"updated_by_id": 1
},
"subscribers": [
1
],
"comments": []
}Owner will see all three tasks that have the term Zabljak:
Member will see only the tasks that from the first project:
and client will see only the task from the first project that is not hidden from clients:
When task is moved to trash, it will no longer be available in search:
Response: HTTP 200, application/json (Hide)
PUT /move-to-trash/task/1
Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
{
"single": {
"id": 1,
"class": "Task",
"url_path": "\/projects\/1\/tasks\/1",
"name": "Visible to all project members",
"assignee_id": 0,
"delegated_by_id": 0,
"completed_on": null,
"completed_by_id": null,
"is_completed": false,
"comments_count": 0,
"attachments": [],
"labels": [],
"is_trashed": true,
"trashed_on": 1430164977,
"trashed_by_id": 1,
"project_id": 1,
"is_hidden_from_clients": false,
"body": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"body_formatted": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"created_on": 1430164975,
"created_by_id": 1,
"updated_on": 1430164977,
"updated_by_id": 1,
"task_number": 1,
"task_list_id": 0,
"position": 1,
"is_important": false,
"due_on": null,
"estimate": 0,
"job_type_id": 0,
"total_subtasks": 0,
"completed_subtasks": 0,
"open_subtasks": 0
},
"subscribers": [
1
],
"comments": [],
"reminders": [],
"subtasks": [],
"task_list": null,
"tracked_time": 0,
"tracked_expenses": 0
}Now, lets restore the task to see how that affects the trash:
Response: HTTP 200, application/json (Hide)
PUT /restore-from-trash/task/1
Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
{
"single": {
"id": 1,
"class": "Task",
"url_path": "\/projects\/1\/tasks\/1",
"name": "Visible to all project members",
"assignee_id": 0,
"delegated_by_id": 0,
"completed_on": null,
"completed_by_id": null,
"is_completed": false,
"comments_count": 0,
"attachments": [],
"labels": [],
"is_trashed": false,
"trashed_on": null,
"trashed_by_id": 0,
"project_id": 1,
"is_hidden_from_clients": false,
"body": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"body_formatted": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"created_on": 1430164975,
"created_by_id": 1,
"updated_on": 1430164977,
"updated_by_id": 1,
"task_number": 1,
"task_list_id": 0,
"position": 1,
"is_important": false,
"due_on": null,
"estimate": 0,
"job_type_id": 0,
"total_subtasks": 0,
"completed_subtasks": 0,
"open_subtasks": 0
},
"subscribers": [
1
],
"comments": [],
"reminders": [],
"subtasks": [],
"task_list": null,
"tracked_time": 0,
"tracked_expenses": 0
}And finally, a permanent removal:
Response: HTTP 200, application/json (Hide)
PUT /move-to-trash/task/1
Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
{
"single": {
"id": 1,
"class": "Task",
"url_path": "\/projects\/1\/tasks\/1",
"name": "Visible to all project members",
"assignee_id": 0,
"delegated_by_id": 0,
"completed_on": null,
"completed_by_id": null,
"is_completed": false,
"comments_count": 0,
"attachments": [],
"labels": [],
"is_trashed": true,
"trashed_on": 1430164978,
"trashed_by_id": 1,
"project_id": 1,
"is_hidden_from_clients": false,
"body": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"body_formatted": "Rare term: Kosanica, Common Term: Zabljak. Boost: Zabljak, Zabljak, Zabljak",
"created_on": 1430164975,
"created_by_id": 1,
"updated_on": 1430164978,
"updated_by_id": 1,
"task_number": 1,
"task_list_id": 0,
"position": 1,
"is_important": false,
"due_on": null,
"estimate": 0,
"job_type_id": 0,
"total_subtasks": 0,
"completed_subtasks": 0,
"open_subtasks": 0
},
"subscribers": [
1
],
"comments": [],
"reminders": [],
"subtasks": [],
"task_list": null,
"tracked_time": 0,
"tracked_expenses": 0
}Response: HTTP 200, text/html
DELETE /permanently-delete/task/1
Response: HTTP 404, text/html
GET /projects/1/tasks/1
